Renewal configuration file /etc/letsencrypt/renewal/mydomain.bramp.net.conf (cert: mydomain.bramp.net) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.
I manually ran certbot in dry-run mode and it worked fine:
$ sudo certbot renew --dry-run
So this error only occurs when certbot is running as a cron job. Looking at
/etc/cron.d/certbot I see the user runs as root, so I tried the
certbot renew --dry-run again, but this time as the root user:
$ sudo su root@:~$ sudo certbot renew --dry-run
and bam, the same error. This error somehow related to the certbot-dns-cloudflare plugin, which proves the ownership of the domain with a DNS01 challenge via Cloudflare’s DNS. I use this form of challenge, because the domain in question is internal and not available on the Internet.
I had forgotten how I installed the plugin, but searching Google, it seems to be via
pip3. Clearly something was different between my root and normal user w/ sudo environments. So I did the following
$ sudo pip3 list | grep certbot certbot (0.23.0) certbot-apache (0.23.0) certbot-dns-cloudflare (0.24.0) $ sudo su root@:~$ pip3 list | grep certbot certbot (0.23.0) certbot-apache (0.23.0)
Aha, no certbot-dns-cloudflare when running as root. Clearly I hadn’t installed this correctly. Running
pip3 install certbot-dns-cloudflare as root fixed the problem, and voila, certbot correctly fetches new certs via a regular cron.